Make the session cookie secure if the IdP is accepting authn requests over a secure...

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2738 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
index ddb8d71..2be4144 100644 (file)
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/authn/AuthenticationEngine.java
@@ -507,7 +507,7 @@ public class AuthenticationEngine extends HttpServlet {
             sessionCookie.setPath(contextPath);
         }
         
-        sessionCookie.setSecure(false);
+        sessionCookie.setSecure(httpRequest.isSecure());
         sessionCookie.setMaxAge(-1);
 
         httpResponse.addCookie(sessionCookie);